Personal data have become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management dictate the development of methods that allow the development of more secure, trustworthy software systems with focus on privacy protection. The contribution of this paper is the definition of a novel requirements engineering method that supports both early and late requirements specification, giving emphasis on security, privacy and trust. The novelty of our work is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high-level goals to the definition of business process composition, and elicitation of mechanisms to fortify the system from external threats. The method is supported by two CASE tools. To demonstrate the applicability and usefulness of our work, the paper shows its applications to a real-world case study.

中文翻译：

---

对社会技术系统中的安全性，隐私和信任的相互作用进行建模：一种计算机辅助设计方法

个人数据已成为私营公司，公共组织或两者结合提供的多种企业应用程序和在线服务的核心资产。此类数据的敏感性以及管理过程中不断增长的法规决定了方法的开发，这些方法允许开发更加安全，可信赖的软件系统，并着重于隐私保护。本文的贡献是定义了一种新的需求工程方法的定义，该方法支持早期和晚期需求规范，并着重于安全性，隐私和信任。我们工作的新颖之处在于，它为软件设计人员和安全专家提供了从多个方面分析待开发系统的方法，从确定高层次的目标到定义业务流程组成，以及从机制中增强体系以免受外部威胁的影响。该方法由两个CASE工具支持。为了证明我们的工作的适用性和实用性，本文将其应用于实际案例研究中。